Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition



Published: 2023-07-05
Risk: Low
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2019-2534, CVE-2019-2529, CVE-2019-2482, CVE-2019-2455, CVE-2019-2503, CVE-2019-2537, CVE-2019-2481, CVE-2019-2531
CWE-ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Tivoli Network Manager IP Edition (Other software / Other software solutions)
Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU17026

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2534

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU17025

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2529

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU17024

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2482

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU17028

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2455

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security restrictions bypass

EUVDB-ID: #VU17029

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2503

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU17038

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2537

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU17040

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2481

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU17044

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2531

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tivoli Network Manager IP Edition: 3.9.0.4 - 3.9.0.5

External links

http://www.ibm.com/support/pages/node/879841


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


